Biblio

As cyber-physical systems are becoming more wide spread, it is imperative to secure these systems. In the real world these systems produce large amounts of data. However, it is generally impractical to test security techniques on operational cyber-physical systems. Thus, there exists a need to have realistic systems and data for testing security of cyber-physical systems [1]. This is often done in testbeds and cyber ranges. Most cyber ranges and testbeds focus on traditional network systems and few incorporate cyber-physical components. When they do, the cyber-physical components are often simulated. In the systems that incorporate cyber-physical components, generally only the network data is analyzed for attack detection and diagnosis. While there is some study in using physical signals to detect and diagnosis attacks, this data is not incorporated into current testbeds and cyber ranges. This study surveys currents testbeds and cyber ranges and demonstrates a prototype testbed that includes cyber-physical components and sensor data in addition to traditional cyber data monitoring.

Recent works have empirically shown that neural network interpretability is susceptible to malicious manipulations. However, existing attacks against Interpretable Deep Learning Systems (IDLSes) all focus on the white-box setting, which is obviously unpractical in real-world scenarios. In this paper, we make the first attempt to attack IDLSes in the decision-based black-box setting. We propose a new framework called Dual Black-box Adversarial Attack (DBAA) which can generate adversarial examples that are misclassified as the target class, yet have very similar interpretations to their benign cases. We conduct comprehensive experiments on different combinations of classifiers and interpreters to illustrate the effectiveness of DBAA. Empirical results show that in all the cases, DBAA achieves high attack success rates and Intersection over Union (IoU) scores.

In order to protect the safety of power grid, improve the early warning precision of false data injection. This paper presents a dynamic detection model for false data injection attacks. Based on the characteristics of APT attacks, a model of attack characteristics for trusted regions is constructed. In order to realize the accurate state estimation, unscented Kalman filtering algorithm is used to estimate the state of nonlinear power system and realize dynamic attack detection. Experimental results show that the precision of this method is higher than 90%, which verifies the effectiveness of this paper in attack detection.

In order to solve the problem of large data volume brought by the traditional Nyquist sampling theorem in radar signal detection, a compressive detection (CD) model based on compressed sensing (CS) theory is proposed by analyzing the sparsity of the radar target in the range domain. The lower sampling rate completes the compressive sampling of the radar signal on the range field. On this basis, the two-dimensional distribution of the Doppler unit is established by moving target detention moving target detention (MTD), and the detection of the target is achieved with the two-dimensional constant false alarm rate (2D-CFAR) detection algorithm. The simulation experiment results prove that the algorithm can effectively detect the target without the need for reconstruction signals, and has good detection performance.

Numerous measurement researches have been performed to discover the IPv4 network security issues by leveraging the fast Internet-wide scanning techniques. However, IPv6 brings the 128-bit address space and renders brute-force network scanning impractical. Although significant efforts have been dedicated to enumerating active IPv6 hosts, limited by technique efficiency and probing accuracy, large-scale empirical measurement studies under the increasing IPv6 networks are infeasible now. To fill this research gap, by leveraging the extensively adopted IPv6 address allocation strategy, we propose a novel IPv6 network periphery discovery approach. Specifically, XMap, a fast network scanner, is developed to find the periphery, such as a home router. We evaluate it on twelve prominent Internet service providers and harvest 52M active peripheries. Grounded on these found devices, we explore IPv6 network risks of the unintended exposed security services and the flawed traffic routing strategies. First, we demonstrate the unintended exposed security services in IPv6 networks, such as DNS, and HTTP, have become emerging security risks by analyzing 4.7M peripheries. Second, by inspecting the periphery's packet routing strategies, we present the flawed implementations of IPv6 routing protocol affecting 5.8M router devices. Attackers can exploit this common vulnerability to conduct effective routing loop attacks, inducing DoS to the ISP's and home routers with an amplification factor of \textbackslashtextbackslashgt 200. We responsibly disclose those issues to all involved vendors and ASes and discuss mitigation solutions. Our research results indicate that the security community should revisit IPv6 network strategies immediately.

The power terminal network has the characteristics of a large number of nodes, various types, and complex network topology. After the power terminal network is attacked, the impact of power terminals in different business scenarios is also different. Traditional impact assessment methods based on network traffic or power system operation rules are difficult to achieve comprehensive attack impact analysis. In this paper, from the three levels of terminal security itself, terminal network security and terminal business application security, it constructs quantitative indicators for analyzing the impact of power terminals after being attacked, so as to determine the depth and breadth of the impact of the attack on the power terminal network, and provide the next defense measures with realistic basis.

Anonymous Communication (AC) hides traffic patterns and protects message metadata from being leaked during message transmission. Many practical AC systems have been proposed aiming to reduce communication latency and support a large number of users. However, how to design AC systems which possess strong security property and at the same time achieve optimal performance (i.e., the lowest latency or highest horizontal scalability) has been a challenging problem. In this paper, we propose an ObliComm framework, which consists of six modular AC subroutines. We also present a strong security definition for AC, named oblivious communication, encompassing confidentiality, unobservability, and a new requirement sending-and-receiving operation hiding. The AC subroutines in ObliComm allow for modular construction of oblivious communication systems in different network topologies. All constructed systems satisfy oblivious communication definition and can be provably secure in the universal composability (UC) framework. Additionally, we model the relationship between the network topology and communication measurements by queuing theory, which enables the system's efficiency can be optimized and estimated by quantitative analysis and calculation. Through theoretical analyses and empirical experiments, we demonstrate the efficiency of our scheme and soundness of the queuing model.

In previous multi-authority key-policy attribute-based Encryption (KP-ABE) schemes, either a super power central authority (CA) exists, or multiple attribute authorities (AAs) must collaborate in initializing the system. In addition, those schemes are proved security in the selective model. In this paper, we propose a new fully secure decentralized KP-ABE scheme, where no CA exists and there is no cooperation between any AAs. To become an AA, a participant needs to create and publish its public parameters. All the user's private keys will be linked with his unique global identifier (GID). The proposed scheme supports any monotonic access structure which can be expressed by a linear secret sharing scheme (LSSS). We prove the full security of our scheme in the standard model. Our scheme is also secure against at most F-1 AAs corruption, where F is the number of AAs in the system. The efficiency of our scheme is almost as well as that of the underlying fully secure single-authority KP-ABE system.

HTTPS provides authentication, data confidentiality, and integrity for secure web applications in the Internet. In order to establish secure connections with the target website but not a man-in-the-middle or impersonation attacker, a browser shows security warnings to users, when different HTTPS errors happen (e.g., it fails to build a valid certificate chain, or the certificate subject does not match the domain visited). Each browser implements its own design of warnings on HTTPS errors, to balance security and usability. This paper presents a list of common HTTPS errors, and we investigate the browser behaviors on each error. Our study discloses browser defects on handling HTTPS errors in terms of cryptographic algorithm, certificate verification, name validation, HPKP, and HSTS.

On ARM processors with TrustZone security extension, asynchronous introspection mechanisms have been developed in the secure world to detect security policy violations in the normal world. These mechanisms provide security protection via passively checking the normal world snapshot. However, since previous secure world checking solutions require to suspend the entire rich OS, asynchronous introspection has not been widely adopted in the real world. Given a multi-core ARM system that can execute the two worlds simultaneously on different cores, secure world introspection can check the rich OS without suspension. However, we identify a new normal-world evasion attack that can defeat the asynchronous introspection by removing the attacking traces in parallel from one core when the security checking is performing on another core. We perform a systematic study on this attack and present its efficiency against existing asynchronous introspection mechanisms. As the countermeasure, we propose a secure and trustworthy asynchronous introspection mechanism called SATIN, which can efficiently detect the evasion attacks by increasing the attackers' evasion time cost and decreasing the defender's execution time under a safe limit. We implement a prototype on an ARM development board and the experimental results show that SATIN can effectively prevent evasion attacks on multi-core systems with a minor system overhead.

Soliciting answers from online users is an efficient and effective solution to many challenging tasks. Due to the variety in the quality of users, it is important to infer their ability to provide correct answers during aggregation. Therefore, truth discovery methods can be used to automatically capture the user quality and aggregate user-contributed answers via a weighted combination. Despite the fact that truth discovery is an effective tool for answer aggregation, existing work falls short of the protection towards the privacy of participating users. To fill this gap, we propose perturbation-based mechanisms that provide users with privacy guarantees and maintain the accuracy of aggregated answers. We first present a one-layer mechanism, in which all the users adopt the same probability to perturb their answers. Aggregation is then conducted on perturbed answers but the aggregation accuracy could drop accordingly. To improve the utility, a two-layer mechanism is proposed where users are allowed to sample their own probabilities from a hyper distribution. We theoretically compare the one-layer and two-layer mechanisms, and prove that they provide the same privacy guarantee while the two-layer mechanism delivers better utility. This advantage is brought by the fact that the two-layer mechanism can utilize the estimated user quality information from truth discovery to reduce the accuracy loss caused by perturbation, which is confirmed by experimental results on real-world datasets. Experimental results also demonstrate the effectiveness of the proposed two-layer mechanism in privacy protection with tolerable accuracy loss in aggregation.

Pattern lock has been widely used for authentication to protect user privacy on mobile devices (e.g., smartphones and tablets). Several attacks have been constructed to crack the lock. However, these approaches require the attackers to be either physically close to the target device or able to manipulate the network facilities (e.g., wifi hotspots) used by the victims. Therefore, the effectiveness of the attacks is highly sensitive to the setting of the environment where the users use the mobile devices. Also, these attacks are not scalable since they cannot easily infer patterns of a large number of users. Motivated by an observation that fingertip motions on the screen of a mobile device can be captured by analyzing surrounding acoustic signals on it, we propose PatternListener, a novel acoustic attack that cracks pattern lock by leveraging and analyzing imperceptible acoustic signals reflected by the fingertip. It leverages speakers and microphones of the victim's device to play imperceptible audio and record the acoustic signals reflected from the fingertip. In particular, it infers each unlock pattern by analyzing individual lines that are the trajectories of the fingertip and composed of the pattern. We propose several algorithms to construct signal segments for each line and infer possible candidates of each individual line according to the signal segments. Finally, we produce a tree to map all line candidates into grid patterns and thereby obtain the candidates of the entire unlock pattern. We implement a PatternListener prototype by using off-the-shelf smartphones and thoroughly evaluate it using 130 unique patterns. The real experimental results demonstrate that PatternListener can successfully exploit over 90% patterns in five attempts.

Data outsourcing to cloud has been a common IT practice nowadays due to its significant benefits. Meanwhile, security and privacy concerns are critical obstacles to hinder the further adoption of cloud. Although data encryption can mitigate the problem, it reduces the functionality of query processing, e.g., disabling SQL queries. Several schemes have been proposed to enable one-dimensional query on encrypted data, but multi-dimensional range query has not been well addressed. In this paper, we propose a secure and scalable scheme that can support multi-dimensional range queries over encrypted data. The proposed scheme has three salient features: (1) Privacy: the server cannot learn the contents of queries and data records during query processing. (2) Efficiency: we utilize hierarchical cubes to encode multi-dimensional data records and construct a secure tree index on top of such encoding to achieve sublinear query time. (3) Verifiability: our scheme allows users to verify the correctness and completeness of the query results to address server's malicious behaviors. We perform formal security analysis and comprehensive experimental evaluations. The results on real datasets demonstrate that our scheme achieves practical performance while guaranteeing data privacy and result integrity.